-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] Support multithreading in the OAuth client #549
Comments
I had a look at this, and a detailed conversation with @johnowhitaker this morning. Here's my understanding of the particular issue described here, and more broadly what might be done to support secure oauth correctly and comfortably. I believe I'm also summarizing Johno's view but I'll let him chime in to correct me!
|
Yup, as Alexis says, we use WebApplicationClient which has this behavior of setting .token on the client. If you're using the OAuth class this isn't a problem since all the logic happens in the So unless I'm missing something the current behaviour is OK but the request is for a thread-safe alternative (which might require modifying or switching away from oauthlib (or maybe making one ephemeral client per request?). I don't think we have plans for this for now. PS: closing the other issue for now, to keep the discussion here. |
I think this should be fine now. |
This issue is identical to another issue which I opened here.
The problem is that simultaneous authorization requests overwrite the same
token
attribute of the client (see this line).The text was updated successfully, but these errors were encountered: